Stronger Sense of Identity

By Cameron Sturdevant  |  Posted 2005-12-19 Print this article Print

Opinion: Forces external to enterprises combined to renew focus on identity management this year. These included an increase in phishing e-mail scams and government regulation, combined with maturing identity management products and refinement of i

Forces external to enterprises combined to renew focus on identity management this year. These included an increase in phishing e-mail scams and government regulation, combined with maturing identity management products and refinement of industry technology standards.

Many companies—including RSA, VeriSign, Oracle, Microsoft, Sun and Hewlett-Packard—either released new identity products or acquired identity technologies to bolster current products. The result sets the stage for identity management initiatives to take on more importance in the year ahead.

Indeed, IT managers should put identity management at the top of their planning lists. In particular, they should develop an airtight understanding of how mission-critical applications consume identity data. From this understanding should come a schematic of how directory information is being used by applications; how the directory data is being maintained; and how it can be most efficiently provided, protected and updated to meet business needs while also complying with audit and privacy regulations.

As identity management became a more pressing concern, organizations this year worked harder to define where identity information is currently stored, what applications need the data and who in the organization controls the data—laying the foundation for an effective technology deployment, whatever the technology might be.

And there is no doubt in my mind there will be an even greater insistence on effective identity management next year, to control the costs of conforming to now-entrenched federal legislation such as Sarbanes-Oxley and Gramm-Leach-Bliley.

But the story of identity management would be a sad one if it were limited to complying with regulations. This year we saw important milestones, such as the Liberty Alliance Project announcement in August that several companies had participated successfully in the first SAML (Security Assertion Markup Language) 2.0 interoperability tests. The SAML tests showed that it is possible to extend trust-based identity outside the company.

This initial success is important to developing federated identity solutions, through which organizations can lower the cost of creating and maintaining a trusted relationship with other businesses. The IEEE is working hard to ensure vendor interoperability, in part because the technologies included in SAML 2.0 are fundamental to providing Web services by asserting attributes and authorization information.

Oracle combines its identity management offerings. Click here to read more. In addition to the technology developments we saw this year, industry consolidation and new technology announcements point to significant progress that is likely to be made next year. Oracle this year went on a veritable identity shopping spree, gobbling up identity management, virtual directory and enterprise-class user provisioning tools. The integration of these technologies speaks to the industry trend toward considering identity management a basic application feature.

Finally, work on WS-Security and a range of other OASIS specs will continue in the coming year, making it much more likely that Web services will play a role in the ongoing implementation of single-sign-on solutions. Ultimately, WS-Security should let applications secure SOAP message exchanges with encryption and authentication support.

Technical Director Cameron Sturdevant can be reached at

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel